Facebook Hit with UK£500k Penalty for Pre-GDPR Data Breach

In the UK previous week, the Information Commissioner’s Office (ICO) hit social media platform Facebook with a, comparatively, small but symbolic penalty in relation to the Cambridge Analytica date safety law breaks which concerned millions of users’ data being wrongly retrieved by the consultancy company.

The fine applied was UK£500,000, the maximum possible fine that might have been allowed before the May 25 launch date of the EU’s General Data Protection Regulation legislation. As per the new rules the penalty might have up to a maximum of UK£20 million or 4% of yearly international income, whichever figure is higher.

ICO issued a statement that said: “The ICO’s inquiry determined that Facebook broke the rule by failing to protect people’s information. It also found that the business failed to be transparent concerning how people’s information was picked by others”. Information Commissioner Elizabeth Denham was extremely disapproving of that indifference that Facebook demonstrated for data protection law in not safeguarding the confidential information of people and had not been clear regarding how data was collected by other platform users.

In the course of the inquiry, Facebook Chief Executive Officer Mark Zuckerburg faced queries as to how the political consultancy managed to be in custody of the private data of 87 million Facebook users. Facebook replied to the fine through an electronic mail from Facebook main secrecy officer Erin Egan which read: “As we have said earlier, we must have done more to scrutinize claims regarding Cambridge Analytica and take action in 2015. We have been working intimately with the ICO in their inquiry of Cambridge Analytica, as we have with authorities in the US and other nations. We’re studying the report and will reply to the ICO soon.”

Damian Collins British MP, the president of the Digital, Culture, Media and Sport, Committee that has been probing Cambridge Analytica, said: “Provided that the ICO is saying that Facebook violated the rule, it is necessary that we now know which other apps that ran on their platform might have scraped data similarly. This can’t be left to a clandestine internal inquiry at Facebook. If other developers violated the law we have a right to know, and the users whose data might have been undermined in this way must be informed.

“Facebook users will be rightly worried that the firm left their data far too susceptible to being gathered without their approval by developers working on behalf of firms like Cambridge Analytica. The number of Facebook users affected by this type of data scraping might be far greater than has presently been accepted. Facebook must now make the outcomes of their internal inquiries known to the ICO, our committee, and other related investigatory authorities.”